- tools: Fix virt-host-validate SEV detection

3f9c1a4b-fix-host-validate-sev.patch boo#1188715 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=906
2021-10-07 04:15:49 +00:00 · 2021-10-07 04:15:49 +00:00 · 0d076b07d4
commit 0d076b07d4
parent 73e1b007e3
3 changed files with 38 additions and 0 deletions
--- a/3f9c1a4b-fix-host-validate-sev.patch
+++ b/3f9c1a4b-fix-host-validate-sev.patch
@ -0,0 +1,30 @@
+commit 3f9c1a4bb8416dafdaa89358498233aa6684377c
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Tue Oct 5 22:34:57 2021 -0600
+
+    tools: Fix virt-host-validate SEV detection
+    
+    virt-host-validate checks if AMD SEV is enabled by verifying
+    /sys/module/kvm_amd/parameters/sev is set to '1'. On a system
+    running kernel 5.13, the parameter is reported as 'Y'. To be
+    extra paranoid, add a check for 'y' along with 'Y' to complement
+    the existing check for '1'.
+    
+    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+
+Index: libvirt-7.8.0/tools/virt-host-validate-common.c
+===================================================================
+--- libvirt-7.8.0.orig/tools/virt-host-validate-common.c
+++ libvirt-7.8.0/tools/virt-host-validate-common.c
+@@ -501,7 +501,7 @@ int virHostValidateSecureGuests(const ch
+             return VIR_HOST_VALIDATE_FAILURE(level);
+         }
+ 
+-        if (mod_value[0] != '1') {
+        if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
+             virHostMsgFail(level,
+                            "AMD Secure Encrypted Virtualization appears to be "
+                            "disabled in kernel. Add kvm_amd.sev=1 "
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Oct  7 04:14:22 UTC 2021 - James Fehlig <jfehlig@suse.com>
+
+- tools: Fix virt-host-validate SEV detection
+  3f9c1a4b-fix-host-validate-sev.patch
+  boo#1188715
+
 -------------------------------------------------------------------
 Fri Oct  1 15:22:44 UTC 2021 - James Fehlig <jfehlig@suse.com>

--- a/libvirt.spec
+++ b/libvirt.spec
@ -285,6 +285,7 @@ Source6:        libvirtd-relocation-server.xml
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
+Patch0:         3f9c1a4b-fix-host-validate-sev.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch